release-dart-package-action

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows security best practices by using list-based arguments for all shell command executions within its Python scripts, which prevents shell injection attacks. Its functions (Git operations and Flutter publishing) are standard for the stated task and only operate within the user's project scope.
  • [PROMPT_INJECTION]: The audit identifies an indirect prompt injection surface in the skill's processing of repository data.
    • Ingestion points: Git commit messages are ingested via scripts/prepare_release.py to generate changelog entries.
    • Boundary markers: The instructions do not define specific delimiters to wrap the commit content when presenting it to the agent.
    • Capability inventory: The skill grants the agent the ability to commit, tag, and push changes to the repository, as well as to execute package publication.
    • Sanitization: Commit messages are read directly from the Git log without filtering for potential instructions. This risk is inherent to tools that process commit history, but it is mitigated here by the instruction to present draft results for user confirmation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 11:17 AM